Regulations and HIPAA Compliance for Enterprise mHealth Applications

RapidValue

May 3, 2012

There are a number of regulations and policies, such as HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health), and recommendations put forth by the Food and Drug Administration (FDA), which provide guidelines for mobile health devices. It is important for health care organizations to understand these regulations before rolling out mobile health applications. mHealth application developers should focus on improving device security through a variety of methods, including strict user access restriction and backup plans in the event of a device being inactive.

The use of smartphones and tablets is gaining rapid traction among health care practitioners, pharmacists, and patients. Mobility is transforming the quality, pace and cost of health care delivery by integrating information and providing quick access to it across touch points. These devices make scheduling, tracking, and reviewing easier and more efficient, significantly improving operational efficiency and the doctor-patient relationship. Though an increasing number of hospitals and practitioners are adopting mobility, there are critical security challenges that need to be addressed.

With the rapid adoption of tablets and smartphones, health care organizations face new challenges and risks, as their networks are connected to multiple touch points. Some of the common risks associated with these devices include:

Theft or loss of devices

Insecure data storage and unauthorized data access

Transmitting data over public internets

Hacking and phishing

Lack of control over devices with access to sensitive data

Lack of compliance with industry standards and regulations

In a recent survey conducted by Government Health IT and sponsored by federal contractor Booz Allen Hamilton, it was reported that the number of health care-related data breaches increased by 97% between 2010 and 2011. In yet another study (Ponemon Institute’s 2011 Benchmark Study on Patient Privacy and Data Security), it was found that the frequency of patient data losses at health care organizations has increased by 32% compared to last year. These studies highlight the criticality of ensuring data security in health care organizations.

There are a number of regulations and policies, such as HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health), and recommendations put forth by the Food and Drug Administration (FDA), which provide guidelines to secure mobile health devices.

To ensure adherence to these industry regulations, hospitals and health care organizations should take proper measures to secure wireless networks and prevent theft of, or unauthorized access to, patients’ medical records.

It is important for health care organizations to understand these regulations before rolling out mobile health applications. mHealth application developers should focus on improving device security through a variety of methods, including strict user access restriction and backup plans in the event of a device going down.

While developing mobile apps, a holistic strategy should be adopted. RapidValue’s framework for implementing a secure mobile application is based on the CMS guidance, with recommendations from development and implementation perspectives.

Some of the mandatory security measures that need to be considered while developing a mobile health app include:

Securing devices

Securing data

Preventing unauthorized access

Performing risk analysis

Securing all data with a reliable backup mechanism

To understand in detail how to integrate the various regulations, recommendations and security best practices while developing and implementing a mobile health app, download our latest whitepaper. This whitepaper outlines some of the key evaluation criteria on regulations and security considerations in the health care sector that need to be addressed while implementing mobility applications.